Privacy In The Digital Age:
Encryption And Mandatory Access
by Kathleen M. Sullivan
Professor of constitutional law at the Stanford Law School

Testimony Before The US Senate Subcommittee On The
Constitution, Federalism, And Property Rights
Washington, DC: March 17, 1998

Mr. Chairman and Members of the Subcommittee:

Thank you for the opportunity to testify before
you on the constitutional concerns raised by various proposals by the Administration,
the Federal Bureau of Investigation, and some members of Congress to restrict
the use of data encryption on the internet, in particular by requiring those who
make or use encryption technologies to turn over their digital keys to third parties
in order to preserve ready access by government to the encrypted information.
Whether or not such proposals would, if enacted, be struck down by the United
States Supreme Court, the very least that can be said is that they pose serious
risks to the liberty and privacy values embodied in the First Amendment's protection
of the freedom of speech and press, the Fourth Amendment's protection against
unreasonable searches and seizures, and the Fifth Amendment's protection against
compelled self-incrimination. These constitutional costs should be factored carefully
into consideration of any legislation governing key recovery.

Whatever disagreements might divide participants
in this controversy, all can agree upon certain starting points. First, it would
seem beyond reasonable dispute that instantaneous global communication over the
internet has great benefits to offer both to our commercial marketplace and to
our marketplace of ideas, and that the ability of those who use the internet to
maintain some degree of privacy in their communications is essential to maximizing
those benefits. Various polls have suggested that privacy is a very important
issue to users of the internet; for example, a recent Harris poll reported in
Business Week found that 78% of users would be more likely to use the internet
if its privacy protections were more secure. If the internet is to fulfill its
vast potential, then citizens and corporations must be confident that sensitive
information that flows over the internet - from the transmission of credit card
numbers, medical records and trade secrets to the discussion of views critical
of government - will be shielded from unwanted eyes and ears. Privacy with respect
to sensitive information and unpopular opinions is as basic an American value
in the fast-paced information age of the late twentieth century as it was at the
time the Constitution was framed. By enabling secure lines of communication, encryption
allows privacy to retain its historical meaning even in an era of changing technology.

Second, all can agree at the same time that
the use of robust encryption poses some risks as well as benefits. The use of
encryption by criminals or terrorists, for example, may well make it more difficult
in particular instances for the government to protect law-abiding citizens, corporations
or the government itself against threats to personal, business, or national security.
In the absence of mandatory key recovery systems, law enforcement officials can
decode encrypted information only if they can obtain voluntary or compelled cooperation
from the sender or recipient, seize a key from someone else to whom the sender
or recipient has voluntarily or accidentally entrusted it, or deploy superior
computing power sufficient to break the code by the mathematical equivalent of
brute force. Of course, law enforcement officials retain, even in the digital
age, a wide array of traditional methods of surveillance as well as considerable
power to search for, seize, or compel production of communications in plaintext.
Nonetheless, it is understandable that some law enforcement officials would prefer
additional access to encrypted information through the back door of key recovery.

But, third, any such backdoor key access undeniably
has formidable costs as well as benefits. There can be little doubt that universal
third-party key escrow, if mandated, would reduce the degree of privacy we would
all enjoy if we could use strong encryption without turning over keys to outside
intermediaries. The creation of a massive, complex system of key escrow intermediaries
that are not controlled by users would dramatically multiply the opportunities
for information to be transferred into the wrong hands through the mistaken or
fraudulent release of keys. It would also lead to the concentration of valuable
data in centralized databases that would be far more inviting and vulnerable to
targeted attack by criminals than would more decentralized systems of key maintenance.
Backdoor decryption would also, by design, compromise privacy in relation to government.
No matter how benignly motivated, and even if subject to threshold requirements
of judicial approval, government use of key recovery will inevitably be prone
to risks of error. By thus compromising the privacy and security that could otherwise
be obtained through strong encryption, mandatory key escrow would likely have
at least some deterrent effect on the use and growth of internet communication.

Once these initial propositions are established,
it becomes clear that the question before this Subcommittee is whether the actual
gains to effective law enforcement from mandatory key access justify the considerable
costs to constitutionally protected privacy interests that it would entail. Concerns
about crime and terrorism will always seem overriding in the abstract. But legislation
does not operate in the abstract. If mandatory key access is likely to be highly
porous, then criminals will evade its strictures and it will fail to serve the
vital but generalized government interests asserted by key access advocates. On
the other hand, for ordinary law-abiding citizens, mandatory key access does much
that turns traditional constitutional liberties on their head. The method involved
in mandatory key escrow - namely, compromising every citizen's liberty and privacy
in order to make it easier for government to intercept or capture the unlawful
few - is the reverse of our usual procedures under the First, Fourth, and Fifth
Amendments. Usually we allow citizens a wide berth for freedom unless and until
their exercise of liberty threatens to harm others or the state. Thus, no matter
how laudable the generalized law enforcement goals at issue, mandatory key access
also involves extremely serious constitutional tradeoffs.

1. Freedom of Speech and Press.

The First Amendment provides in relevant part
that "Congress shall make no law abridging the freedom of speech, or of the
press." Of course, the right to speak is not absolute; government may regulate
speech to prevent particularized and imminent harms, such as the stampede that
might be caused by the proverbial shout of "Fire!" in a crowded theater,
or the violence that might ensue from a speaker's face-to-face provocation of
an edgy mob. But the story of free speech protection in the twentieth century
consists very largely of the Supreme Court's increasing insistence that entire
categories of speech may not be categorically or prophylactically presumed in
advance to be dangerous and therefore regulable. Rather, outside of certain narrow
areas of unprotected speech such as obscenity, extortion or blackmail, the government
is constitutionally required to be put to its proof, case by case, that a particular
instance of speech is so likely to be seriously harmful as to justify its regulation.
See, e.g., Brandenburg v. Ohio, 395 U.S. 444 (1969).

The Supreme Court likewise has held repeatedly
that government may not impose a total ban on an entire medium of expression in
which willing speakers and listeners otherwise would engage. For example, government
may not ban all leafleting in the public square, all door-to-door solicitation
for charitable causes, or all posting of signs on privately owned residences by
their owners. As the Court recently noted in a unanimous decision, its "prior
decisions have voiced particular concern with laws that foreclose an entire medium
of expression" because, even if such laws do not discriminate against particular
ideas, they "can suppress too much speech." City of Ladue v. Gilleo,
512 U.S. 43 (1994). First Amendment suspicion is understandably raised by any
law that, like a total medium ban, will predictably reduce the quantity of expression
in society.

Mandatory key escrow proposals contravene these
traditional approaches to free speech because they in effect impose a total ban
on a medium of expression - the medium of securely encrypted digital communication
- based merely on generalized predictions of dangerousness. Because some unescrowed
encrypted communications might amount to a crime or provide evidence of a crime,
all unescrowed encrypted communication is forbidden. This reverses the usual presumption
that all categories of speech and all media of expression should be permitted
unless and until a particular instance of speech is shown to be imminently likely
to cause serious harm.

Mandatory key escrow is in considerable tension
with another aspect of our First Amendment tradition as well: By compelling the
maker and/or the user of encryption products unwillingly to disclose how to decrypt
coded information, it arguably violates the right not to speak that has long been
read as an unspoken corollary of the right to speak. Government generally may
not make us speak against our will, whether by pledging allegiance to a flag,
bearing a slogan we find offensive on our automobile license plates, or turning
over part of our property to serve as a bulletin board for our critics. Similarly,
government generally may not force us to disclose our identity when we engage
in otherwise protected expression. The Supreme Court has long held, for example,
that civil rights activists and others who risk retaliation for their important
but unpopular speech may not be made to sign their pamphlets or disclose their
organizational membership lists merely because doing so might make it easier for
government to monitor for subversion or fraud. See Talley v. California, 362 U.S.
60 (1960); NAACP v. Alabama, 357 U.S. 449 (1958).

The Court recently reaffirmed this right against
compelled disclosure of identity in a decision invalidating, on First Amendment
grounds, a criminal ban on unsigned literature in a referendum campaign. In that
decision, McIntyre v. Ohio Elections Commission, 115 S. Ct. 1511 (1995), both
Justice Stevens and Justice Thomas emphasized that an author's decision to remain
anonymous is part of a venerable tradition that stretches back to the nation's
founding era: the Federalist Papers themselves were written under the pseudonym "Publius" and countered by anti-Federalist tracts written under such
pseudonyms as "Cato," "Brutus," and "the Federal Farmer."
To be sure, internet users of encryption technology seek to keep private the content
of as well as the signature on their documents. But a generation that included
Paul Revere as well as Madison, Hamilton and Jay undoubtedly understood that content
("one if by land, two if by sea") no less than authorship sometimes
needs to be encrypted.

It is no answer to such concerns that the proposed
third-party key escrow systems, unlike earlier proposals for government key escrow,
require disclosure of decryption keys not to the government but rather to private
parties chosen by each speaker. The Supreme Court has invalidated, for example,
a requirement that charitable solicitors disclose the amount they spend on overhead
to the private parties from whom they seek donations. See Riley v. National Federation
of the Blind, 487 U.S. 781 (1988). As the Court emphasized in Riley, what matters
is not to whom the disclosure is directed, but whether the government has "mandat[ed]
speech that a speaker would not otherwise make." Mandatory key escrow by
definition does just that.

Nor is it necessarily a sufficient answer to
such concerns that mandatory key escrow aims not at the message but at the vehicle
by which it is expressed - that is, at the equivalent of the envelope rather than
the letter. For the Supreme Court has often admonished that regulation of conduct
that facilitates speech triggers the First Amendment no less than regulation of
the speech itself. For example, government may not prohibit payment for solicitation
of signatures on ballot petitions or the receipt of honoraria for off-duty speeches
and articles by government employees, because such regulations decrease incentives
to engage in speech even if the speech itself may be engaged in by other means.
See Meyer v. Grant, 486 U.S. 414 (1988); United States v. National Treasury Employees
Union, 513 U.S. 454 (1995). Similarly, the Court has been just as willing to invalidate
a selective tax on paper and ink as to invalidate a selective tax on a newspaper
itself. See Minneapolis Star v. Minnesota Commissioner of Revenue, 460 U.S. 575
(1983). Requiring escrowed key encryption - like requiring that letters be mailed
in glassine envelopes - would surely discourage speech as effectively as a tax
or regulation on the underlying speech itself, and thus call for heightened scrutiny
under the First Amendment.

Finally, any provision that conditions the right
to make or sell encryption software upon the government's prior approval of that
software's key recovery capabilities might raise familiar First Amendment concerns
about prior restraint. Assuming that computer code, like scientific or musical
notation, free verse or abstract painting, counts as speech as much as does a
political tract or the daily news, such preclearance requirements, like any system
of speech licensing, create the danger that the exercise of administrative discretion
will tend to give inadequate protection to interests in freedom of speech. See
generally Bernstein v. United States, 974 F. Supp. 1288 (N.D. Cal. 1997).

2. Protection from Unreasonable Search and Seizure.

The Fourth Amendment protects "the right
of the people to be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures." It also provides that "no Warrants
shall issue, but upon probable cause" and "particularly describing"
the objects of search or seizure. The reasonableness and warrant requirements
help to ensure that, under our system of government, law enforcement officials
will not engage in dragnets or general searches, no matter how useful they might
be in facilitating occasional access to evidence of crimes. The reason is, of
course, that a general search also sweeps in countless other innocent transactions
of daily life, thus diminishing the privacy and security enjoyed by law-abiding
citizens. As Justice Harlan once wrote, the Fourth Amendment "is designed
not to shield 'wrongdoers,' but to secure a measure of privacy and a sense of personal
security throughout our society." United States v. White, 401 U.S. 745 (1971)
(Harlan, J., dissenting). Mandatory key escrow bears a troubling resemblance to
a general search, exacting a significant surrender of privacy and security in
the absence of any initial particularized suspicion.

The interests protected by the Fourth Amendment,
which extend beyond "persons, houses, papers and effects" to all aspects
of our lives in which we have "reasonable expectations of privacy,"
were not frozen in time in the eighteenth century. Those interests may well alter
or expand with the advent of new technologies. In Katz v. United States, 389 U.S.
347 (1967), for example, the Court easily found a twentieth-century telephone
call to be the functional equivalent of eighteenth-century "papers," and thus determined that the government's warrantless use of a modern electronic
eavesdropping device was just as problematic under the Fourth Amendment as redcoats
rummaging through one's drawers. Fourth Amendment protections ought likewise extend
by analogy to the internet: Just as one who shuts the door to a phone booth and
pays for a phone call may reasonably expect that the content of his phone call
will not be intercepted, so one who encrypts the content of a transmission over
the internet and carefully secures the key has taken socially reasonable steps
to maintain the confidentiality of his communication.

To be sure, we do not maintain reasonable expectations
of privacy in those aspects of our lives that we voluntarily reveal to potential
uninvited onlookers. For example, the Supreme Court has held that the Fourth Amendment
does not constrain government searches of open fields that would be visible to
hunters passing by and airplane pilots flying overhead, or of garbage bags placed
on the curbside where their contents would be readily accessible to scavengers
and the trash collector. See Oliver v. United States, 466 U.S. 170 (1984); California
v. Greenwood, 486 U.S. 35 (1988). But the Court has never held that the government
is presumptively entitled to access to anything more than we choose voluntarily
to reveal, or risk revealing, to the world at large. We are not normally expected
to grant easements of access to the government to areas of our lives that we have
generally shielded from meaningful public view.

Mandatory key escrow inverts these usual presumptions
by requiring that citizens take affirmative steps to facilitate government surveillance.
Imagine if government, for similar reasons, required us to live in glass houses,
conduct all our conversations loudly and exclusively in English, carry all our
personal belongings in clear plastic bags, or keep all of our possessions in unlocked
cabinets or drawers. Most Americans would no doubt be deeply troubled by such
laws. Government may not bootstrap its way out of Fourth Amendment constraints
simply by outlawing methods for preserving privacy that would otherwise be considered
reasonable within the broad contours of our customs and traditions.

Or suppose that government, under laws more
closely analogous to mandatory digital key escrow, ordered that copies of all
personal papers be deposited in safe deposit boxes in private banks, or that a
duplicate of every set of house keys be kept with an insurance agent, in order
to facilitate ready later access by law enforcement officials. Such methods, much
like the regular conduct of general searches, would seriously compromise the individual
privacy and security that we all enjoy, not just that enjoyed by would-be criminals.

It makes little difference that one is compelled
to turn over one's keys, as an initial matter, to private parties rather than
to the government. The compromise to individual security and privacy remains much
the same. Nor is it plausible to suppose that no government search or seizure
really occurs until government approaches a key escrow agent for the key - at
which point there will be a warrant, a court order or at least enough particularized
suspicion to make the government's action reasonable. Any particularized suspicion
that might be thought to justify key recovery at a later time cannot cure the
problems caused by the generality of the initial sweep.

Imagine, for example, that government required
that we all install surveillance cameras inside our homes - while promising to
turn them on only upon particularized suspicion. Or suppose that government were
to require that we wear computerized jewelry that could be programmed by government
to monitor our movements - but only if government comes to suspect that we are
about to do something illegal. And suppose further that government turned on the
cameras or activated the silent beeper without any specific notice to us akin
to the ancient common-law requirement of knock-and-announce. In such settings,
government's promise that it would activate its enhanced capacity to invade our
privacy only if it accurately suspected us of some wrongdoing would hardly be
enough to assure us that it would never make a mistake or single us out for some
other less relevant reason. It is the very purpose of the Fourth Amendment to
shift the risk of such error to the government.

Finally, proponents of mandatory key recovery
might argue that it presents no greater Fourth Amendment problems than does the
requirement that digital telephones be configured to allow the government to wiretap
conversations. This analogy is inapt. Telephone users necessarily surrender some
control of their communications to telephone companies, who in turn can be, and
historically have been, forced to surrender access to the government; by contrast,
the internet makes possible unmediated communication between speaker and listener
in which the users at all times can maintain exclusive control of the decryption
keys. Mandatory key recovery thus would force internet users to make a copy of
a key they never would have lost control of in its absence. Moreover, telephone
interception applies to ephemeral communications, while mandatory key recovery
gives government potential access to a much broader realm of stored data.

3. Privilege against Self-Incrimination.

The Fifth Amendment provides, among other things,
that no person "shall be compelled in any criminal case to be a witness against
himself." This privilege against self-incrimination helps prevent government
from plundering the defendant's own mind for assistance in convicting him of a
crime. But to trigger the protection of this clause, a communication must simultaneously
be testimonial, incriminating and governmentally compelled.

The contours of the privilege as it applies
to compelled surrender of encryption keys are controversial, but one thing is
clear: Mandatory key escrow would operate to defeat any Fifth Amendment protection
that might otherwise attach by disaggregating the elements of any defense. In
the absence of third-party escrow, government would have to try to compel individual
keyholders to divulge or hand over their keys. Forced recitation of a key from
memory, like forced recitation of a combination to a safe, is arguably testimonial,
as well as incriminating and compelled. Compulsory surrender of a recorded version
of a key might likewise trigger the privilege, at least if the act of production
of the key were itself communicative, for example authenticating a document or
attesting to the defendant's connection to the message that key enables the government
to decrypt.

But the Fifth Amendment privilege could be bypassed
altogether if government could compel production of a key by a third-party escrow
agent rather than from the user of the key. The user's surrender of the key at
the outset is compulsory, but not at that time either testimonial or incriminating.
The user's creation and encryption of any particular message is voluntary, not
compelled. And even if a key enabling decryption of a particular message is incriminating
to the user, its compulsion from the third-party escrow agent does not amount
to testimony by the user. In short, the Fifth Amendment privilege might sometimes
protect the papers of a defendant from compulsory production by the defendant,
but not from compulsory production by a third party, and at a minimum, the same
logic would appear to apply to decryption keys.

Mandatory key recovery thus helps to work an
end run around the protections of the Fifth Amendment privilege against self-incrimination.
Normally it is up to individuals to decide whether to increase the risk that their
documents - or, in this context, their decryption keys - will ultimately be surrendered
to the government by transferring those documents to third parties. Mandatory
key recovery takes away that choice.

4. The problem of futility.

Even clear infringements of fundamental constitutional
rights can sometimes be justified if they are sure to serve compelling government
interests. Prevention of crime, terrorism and threats to national security are
undoubtedly compelling interests. But it is very far from certain that domestic
encryption controls even in tandem with existing or future export controls will
be genuinely effective in preventing such dangers. For the skilled user, strong
encryption will inevitably be available for import from foreign sources. And the
availability of strong encryption from foreign sources can be expected to increase
further to the extent that domestic encryption controls drive software design
talent overseas. Furthermore, high-tech criminal activity can be expected to cultivate
its own encryption expertise, and those who are undeterred by the general criminal
law are unlikely to comply with third-party key escrow requirements. While standardization
of key recovery-based encryption products thus may enable detection and deterrence
of criminals at the lower end of the expertise scale, mandatory key recovery is
far less likely to do the same for the most sophisticated and dangerous criminals
or terrorists. The lower the expected utility of a particular technique of law
enforcement, the less justifiable its adverse impact on our general sense of privacy
and security.

5. Unconstitutional conditions.

The constitutional concerns raised above would
not evaporate if government sought to achieve key escrow through use of its spending
power, rather than through direct regulation. The Supreme Court has long held
that there are limits to how much regulatory leverage government can obtain through
its market participation. Across a range of constitutional areas, the Court has
held that government's power to dictate the terms on which its own resources may
be used may not be used to dictate the terms on which its contracting partners
or grantees may use their own resources. For example, a grant of a public broadcasting
subsidy does not entitle government to bar all editorializing by the recipient,
even if such speech is supported by private funds. Nor may government dictate
to a public employee what income he may derive from speech activities he undertakes
in his spare time. Similarly, the government may impose key recovery requirements
on computer products and internet services that it purchases for its own (presumably
non-classified) use. But that does not necessarily entitle it to impose such requirements
on its suppliers in their dealings with private customers.

To the extent that network externalities require
those who do large amounts of internet business with the government to standardize
their products for both public sector and private sector markets, there is a real
danger that government procurement conditions will operate in fact as regulatory
conditions extending far beyond the scope of a government contract. The significant
temptation for overreaching in such a setting calls for the exercise of considerable
governmental self-restraint.

Conclusion.

Privacy is a basic and traditional constitutional
value served in overlapping ways by the First Amendment's protection of anonymous
speech; by the Fourth Amendment's protection of our persons, houses, papers and
effects and their modern equivalents; and by the Fifth Amendment's protection
of knowledge we commit to memory and decline to divulge to anyone else. Mandatory
key access would undermine all three protections. It would reverse the usual constitutional
presumption that we are free until we pose a threat of material harm, presuming
instead that all securely encrypted internet communications are potentially appropriate
targets for government access. Such an inversion of our constitutional order might
be justified if mandatory key escrow really could keep criminals and terrorists
at bay. But a complex non-user-controlled key access system is likely to be both
easily evaded by high-tech criminals and increasingly vulnerable to their predations
at the expense of ordinary citizens. Under such circumstances, mandatory key access
should be rejected.

Copyright information: Gifts of Speech believes that for copyright purposes, this speech is in the public domain since it is testimony before the U. S. Congress. Any use of this speech, however, should show proper attribution to its author.